Installing Shorewall on a virtual server: ERROR: Your kernel/iptables do not include state match support

Question

I just got a virtual server (I think virtuozzo) with root access. I wanted to install shorewall but when I want to start it I get the error message

# shorewall start
Compiling...
Processing /etc/shorewall/shorewall.conf...
ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system

So now I'm wondering what can I do? The system ist ubuntu 11.10.

@SimonJGreen the OP wants to do things which are beyond their control. — Tom O'Connor, Mar 13 '12 at 08:58

score 8 · Answer 1 · answered Mar 12 '12 at 21:34

8

Virtuozzo is an interesting type of virtualisation. It's actually a "jail" - in the FreeBSD sense, rather than a hypervisor type Virtual Machine, like KVM. As a result, you need to tune the options of the Virtual Machine Host, to allow certain kernel functions to be passed through.

I believe that Virtuozzo is effectively OpenVZ (or similar enough) underneath, so you'll need to edit /etc/vz/vz.conf and add "ipt_state" to the IPTABLES variable, then restart the VM. (source)

Of course, you might not be able to do this, if you don't have control over the VM Host.

answered Mar 12 '12 at 21:34

Tom O'Connor

27,480
10
73
148

No, I don't have access to the VM host. – toom Mar 12 '12 at 22:34
2

Well, you're SOL then. – Tom O'Connor Mar 12 '12 at 22:54

score 1 · Accepted Answer · answered Mar 12 '12 at 21:35

1

I'm thinking you are on openVZ and they haven't configured the server correctly.

answered Mar 12 '12 at 21:35

Lucas Kauffman

16,880
9
58
93

What do you mean by "haven't configured the server correctly"? – toom Mar 12 '12 at 22:34
In openVZ you need to configure the host to explicitly allow this like Tom suggested. – Lucas Kauffman Mar 13 '12 at 08:10

Installing Shorewall on a virtual server: ERROR: Your kernel/iptables do not include state match support

2 Answers2